Source Job

Global Unlimited PTO

  • Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
  • Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.

Python Threat Modeling AI Security

20 jobs similar to Senior Application Security Engineer

Jobs ranked by similarity.

$218,000–$273,000/yr
US Canada Unlimited PTO

  • Own and improve the secure software development lifecycle, perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features.
  • Drive vulnerability management across internal reviews, bug bounty, pentests, and other research signals, ensuring findings are validated, prioritized, and tracked through remediation.
  • Configure and improve AppSec tooling and integrations, and use AI to automate and scale security processes while validating outputs with strong engineering judgment.

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally. Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.

Spain

  • Play a key role in protecting and strengthening large-scale cloud-native applications that power next-generation AI infrastructure.
  • Work at the intersection of software engineering and cybersecurity, ensuring security is embedded throughout the software development lifecycle.
  • Collaborate cross-functionally to identify and remediate vulnerabilities in complex distributed systems.

Our partner is a company building large-scale cloud-native applications that power next-generation AI infrastructure. They have a high-impact security engineering environment with a collaborative and innovative culture focused on trust, learning, and impact.

Global Unlimited PTO

  • Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
  • Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.

MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.

$192,000–$240,000/yr
United States

  • Perform penetration testing and design reviews to identify vulnerabilities and insecure designs.
  • Maintain and build internal tools to automate security efforts, including SAST and DAST testing.
  • Identify vulnerabilities, demonstrate business impact, and articulate risk to drive prioritization.

Brex is the intelligent finance platform that enables companies to spend smarter and move faster in over 200 markets. With tens of thousands of customers including DoorDash, Coinbase, and Zoom, Brex fosters a diverse and inclusive team culture where collaboration with some of the brightest minds in the industry is key.

$175,000–$215,000/yr
US 4w PTO 12w maternity 12w paternity

  • Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
  • Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
  • Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.

Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.

$60,000–$211,000/yr
Canada

  • Embed secure-by-design principles across cloud, SaaS, and AI-driven systems.
  • Lead threat modeling sessions and security design reviews for applications, APIs, and microservices.
  • Define security standards, mentor engineers, and drive organization-wide risk reduction programs.

Jobgether uses an AI-powered matching process to connect candidates with hiring companies quickly and objectively. They are a remote-first, globally distributed company with an inclusive engineering culture.

US

  • Enable software engineering teams to continuously improve the security posture of products and SaaS environments through AppSec and DevSecOps expertise.
  • Serve as the go-to AppSec expert, mentoring engineers on secure design patterns and coding practices while collaborating on threat models and design reviews.
  • Lead automation of vulnerability management tooling across CI/CD pipelines, perform security code reviews, and contribute to compliance strategies.

Hypori is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. Backed by $55M in funding from investors including UBS and AE Industrial Partners, the company is expanding into new commercial and regulated markets.

$190,800–$267,100/yr
US

  • Review and threat model AI-powered product features, LLM integrations, and agentic workflows before launch.
  • Build reusable AI security primitives like guardrails, scanners, and policy checks to secure AI development.
  • Design security tooling to detect and prevent prompt injection, jailbreaks, and data leakage in AI systems.

Reddit is a community of communities built on shared interests, passion, and trust, hosting open conversations. With over 100,000 active communities and 126 million daily active users, it is one of the largest sources of information online.

Unlimited PTO

  • Lead AppSec program assessments to evaluate current state and help clients prioritize remediation efforts based on risk, resources, and organizational readiness.
  • Design pragmatic security workflows, processes, and tooling integrations that engineering teams will actually adopt.
  • Deliver polished client work including clear assessments, actionable roadmaps, and executive communications that drive decision-making.

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. The company has grown to over 1,200 employees and serves as a trusted advisor to more than 6,200 customers.

$82,550–$170,180/yr
UK

  • Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
  • Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
  • Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.

Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.

Canada

  • Lead a specialized team of security engineers focused on application, cloud, and AI system security.
  • Champion shift-left security practices including threat modeling, secure code review, and developer training.
  • Define cloud security standards and enforce security for AI systems including LLM-based agents.

Acquia empowers ambitious brands to create digital customer experiences using open source Drupal. Headquartered in Boston, MA, it is a Great Place to Work-Certified company and among the world's top software companies.

Canada

  • Design and ship scalable security solutions to bridge the gap between security and engineering teams.
  • Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
  • Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.

Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.

Europe US Unlimited PTO

  • Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
  • Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
  • Improve secure development practices through code reviews, threat modeling, and security design reviews.

Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.

$135,481–$227,700/yr

  • Build, operate, and maintain core security infrastructure to protect enterprise systems.
  • Collaborate with engineering, IT, and security teams to implement security tools and policies.
  • Mentor team members and drive automated alerting and response capabilities.

Samsara is the pioneer of the Connected Operations Cloud, a platform that helps organizations harness IoT data to improve safety, efficiency, and sustainability of physical operations. As a recently public company with thousands of employees, Samsara fosters a culture of ownership, collaboration, and growth, aiming to digitally transform industries that represent over 40% of global GDP.

Europe

  • Champion and implement security best practices and automated tooling across Spotify's infrastructure and platforms.
  • Partner closely with teams to integrate security throughout the software development lifecycle from design to deployment.
  • Conduct threat modeling, security reviews, and risk assessments for both AI and non-AI systems.

Spotify is the world's most popular audio streaming subscription service, unlocking the potential of human creativity by giving artists the opportunity to live off their art. With over 700 million users, the company values curiosity, collaboration, and a willingness to both teach and learn from others.

US Unlimited PTO

  • Deliver Application Security services including threat modeling, architecture reviews, and program assessments.
  • Author comprehensive reports tailored to technical and managerial audiences with remediation strategies.
  • Contribute to practice development and mentor team members while embracing emerging technologies.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. With over 1,200 employees, the company fosters a collaborative culture focused on mentorship and knowledge sharing.

Global Unlimited PTO

  • Own end-to-end security reviews across smart contracts, backend services, and frontend surfaces.
  • Build and ship an agentic security CI/CD pipeline that runs autonomously against every PR and release candidate.
  • Triage and manage the bug bounty program, reproduce findings, and route confirmed issues to engineering with context.

Polygon Labs is a global blockchain payments company building infrastructure to move money instantly and reliably. It has facilitated trillions in onchain value transfer and supports millions of daily transactions for banks, fintechs, and enterprises.

$130,000–$160,000/yr
US Unlimited PTO 18w maternity 12w paternity

  • Own the managed AI platform posture end-to-end, anticipating changes and governing usage across the organization.
  • Build financial visibility with token tracking dashboards, anomaly detection, and ROI reporting for leadership.
  • Harden AI security posture by mitigating prompt injection risks and ensuring no sensitive data flows into AI prompts.

Chainguard is the trusted source for open source, delivering hardened, secure builds of open source software and AI agents. They are venture-backed by leading investors and count Fortune 500 enterprises like Anduril, Canva, and OpenAI as customers.

$169,000–$208,000/yr
United States

  • Build and evolve the agent harness and orchestration that turns an LLM into a reliable autonomous pentester.
  • Design tools and validation layers to keep the agent reliable, with structured outputs and production-safety.
  • Own and grow evaluation infrastructure to measure and drive agent improvements.

Horizon3.ai is a fast-growing remote cybersecurity company that provides autonomous penetration testing through its NodeZero platform. The company fosters a culture of respect, collaboration, and ownership, with a team of former cyber operators and engineers.

UK Global

  • Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
  • Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
  • Champion Samsara’s cultural principles in daily work.

Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.